Summary

  • During a caffeine-fuelled evening, the author of the article spotted an interesting endpoint exposed as part of the target’s API.
  • This endpoint, authenticate token, is of the kind often used in OAuth flows; OAuth is widely used for authentication and delegated authorization.
  • Inspecting the network traffic showed that the endpoint returned HTML in its response, and on closer inspection a JWT was found embedded in that response.
  • Because the token had a long lifespan, the author could potentially reuse it to gain access to other areas of the target.
  • With it, the author could make requests on behalf of the user without the user being any the wiser.
  • However, the author stresses that this is not an attack method to be used frivolously; rather, it is vital to gain the user’s trust so as not to disrupt their experience or erode their confidence in the service provider.
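
The check a tester would want to run on a response like the one described above is to pull any JWT out of the body, decode its claims without verifying the signature, and compute how long the token stays valid. The script below is an added example, not code from the original article or its author; the HTML body, the signing key, the claim values and the 15-minute threshold are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import re

# Hypothetical HMAC key used only to build the constructed sample tokens below;
# reading the claims of a captured token never needs the target's real key.
DEMO_KEY = b"demo-key-for-constructed-sample-only"

# Fixed "current time" so the example is deterministic (2023-11-14 UTC).
NOW = 1_700_000_000

# Assumed policy: anything valid for longer than this is reported as long-lived.
MAX_LIFETIME_SECONDS = 15 * 60


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build a genuine HS256 JWT so the constructed sample has the real wire format."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


# A compact JWS is three unpadded base64url segments joined by dots; a JSON
# header always encodes to something starting with "eyJ" (base64url of '{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def find_jwts(body: str) -> list:
    """Return every JWT-shaped string embedded in a response body (HTML, JS, JSON)."""
    return JWT_RE.findall(body)


def decode_claims(token: str) -> dict:
    """Decode header and payload WITHOUT verifying the signature: the question is
    what the token grants and for how long, which the issuer already vouched for."""
    header_seg, payload_seg, _sig = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_seg)),
        "payload": json.loads(b64url_decode(payload_seg)),
    }


def assess_token(token: str, now: int = NOW) -> dict:
    """Report expiry, remaining validity and whether the token is long-lived."""
    parts = decode_claims(token)
    claims = parts["payload"]
    exp = claims.get("exp")
    issued = claims.get("iat", claims.get("nbf"))
    lifetime = exp - issued if exp is not None and issued is not None else None
    # Without iat/nbf, fall back to remaining validity as a lower bound on lifetime.
    effective = lifetime if lifetime is not None else (None if exp is None else exp - now)
    return {
        "sub": claims.get("sub"),
        "alg": parts["header"].get("alg"),
        "has_expiry": exp is not None,
        "lifetime_seconds": lifetime,
        "seconds_remaining": None if exp is None else exp - now,
        # No exp at all is the worst case: the token never stops working.
        "long_lived": effective is None or effective > MAX_LIFETIME_SECONDS,
    }


def assess_response(body: str, now: int = NOW) -> list:
    return [assess_token(t, now) for t in find_jwts(body)]


# Constructed sample of the kind of response described above: the endpoint answers
# with HTML whose inline script carries the user's JWT, issued for 30 days.
LONG_LIVED_TOKEN = make_hs256_jwt(
    {"sub": "user-1234", "iat": NOW, "exp": NOW + 30 * 24 * 3600}, DEMO_KEY
)
SAMPLE_HTML = (
    "<!doctype html><html><body>\n"
    '<script>window.__SESSION__ = {"token": "' + LONG_LIVED_TOKEN + '"};</script>\n'
    "</body></html>\n"
)

# Contrast case: a token issued for five minutes is not flagged.
SHORT_LIVED_TOKEN = make_hs256_jwt(
    {"sub": "user-1234", "iat": NOW, "exp": NOW + 5 * 60}, DEMO_KEY
)

if __name__ == "__main__":
    for finding in assess_response(SAMPLE_HTML):
        print(json.dumps(finding, indent=2))
```

The signature is deliberately not verified: for this finding the point is not forging tokens but that a legitimately issued token, once leaked in an HTML body, keeps working for as long as `exp` allows, so `lifetime_seconds` and `long_lived` are the fields that turn a captured token into a reportable issue.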

By Iski
